[Git][security-tracker-team/security-tracker][master] 2 commits: Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5
Anton Gladky (@gladk)
gladk at debian.org
Fri Mar 31 20:37:32 BST 2023
Anton Gladky pushed to branch master at Debian Security Tracker / security-tracker
Commits:
de9e9f62 by Anton Gladky at 2023-03-31T21:36:03+02:00
Mark CVE-2019-6245 and CVE-2019-6247 as fixed in 1.3.0+dfsg1-5
- - - - -
6feb617f by Anton Gladky at 2023-03-31T21:37:10+02:00
Reserve DLA-3376-1 for svgpp
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -104104,7 +104104,6 @@ CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator of
CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...)
- svgpp 1.3.0+dfsg1-5 (bug #1014599)
[bullseye] - svgpp <no-dsa> (Minor issue)
- [buster] - svgpp <no-dsa> (Minor issue)
NOTE: https://github.com/svgpp/svgpp/issues/101
NOTE: https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91
CVE-2021-44959
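Review bot: the removed `[buster] - svgpp <no-dsa> (Minor issue)` line under CVE-2021-44960 is not covered by either commit message, which mention only CVE-2019-6245, CVE-2019-6247 and the DLA reservation. The removal matches the DLA-3376-1 entry in data/DLA/list, which lists CVE-2021-44960 with a buster version, so the message of the commit that carries this hunk should say that the no-dsa triage is withdrawn for that reason. The `[bullseye] - svgpp <no-dsa> (Minor issue)` line is kept, so bullseye stays recorded as not fixed for this CVE; please confirm that is intended.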
@@ -293893,7 +293892,7 @@ CVE-2019-6250 (A pointer overflow, with code execution, was discovered in ZeroMQ
CVE-2019-6248 (PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 ...)
NOT-FOR-US: PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script
CVE-2019-6247 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
- - svgpp <unfixed> (unimportant; bug #919321)
+ - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Issue only in src:svgpp which does not call the AGG-API in correct way.
NOTE: No security impact, only used to build examples, see #921097
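Review bot: the CVE-2019-6247 entry now records `- svgpp 1.3.0+dfsg1-5` as the fixed version, but none of its NOTE lines say what changed in that upload. The only references are upstream issue #70 and the remark that src:svgpp does not call the AGG API correctly. Add a NOTE pointing at the upstream commit or Debian patch that resolves it, as the CVE-2021-44960 entry does with its commit link, so the fixed version can be verified later.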
@@ -293903,7 +293902,7 @@ CVE-2019-6246 (An issue was discovered in SVG++ (aka svgpp) 1.2.3. After calling
CVE-2019-6245 (An issue was discovered in Anti-Grain Geometry (AGG) 2.4 as used in SV ...)
{DLA-2872-1 DLA-1656-1}
- agg 1:2.4-r127+dfsg1-1 (low; bug #919322)
- - svgpp <unfixed> (unimportant; bug #919321)
+ - svgpp 1.3.0+dfsg1-5 (unimportant; bug #919321)
NOTE: https://github.com/svgpp/svgpp/issues/70
NOTE: Fixed in src:agg with: https://sourceforge.net/p/agg/svn/119/
NOTE: and possibly already fixed with the inclusion of 05-fix-recursion-crash.patch
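Review bot: on the CVE-2019-6245 entry the svgpp line changes from `<unfixed>` to `1.3.0+dfsg1-5`, but the NOTE lines still document only the src:agg fix and end with `and possibly already fixed with the inclusion of 05-fix-recursion-crash.patch`. With a concrete fixed version recorded, the "possibly" wording leaves it unclear what the svgpp version is based on. Add a NOTE naming the svgpp change that justifies 1.3.0+dfsg1-5, or reword the existing one so it is clear which source package it refers to.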
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 Mar 2023] DLA-3376-1 svgpp - security update
+ {CVE-2019-6245 CVE-2019-6247 CVE-2021-44960}
+ [buster] - svgpp 1.2.3+dfsg1-6+deb10u1
[31 Mar 2023] DLA-3375-1 xrdp - security update
{CVE-2022-23480 CVE-2022-23481 CVE-2022-23482}
[buster] - xrdp 0.9.9-1+deb10u3
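Review bot: the new DLA-3376-1 entry lists CVE-2019-6245 and CVE-2019-6247, which data/CVE/list tags `unimportant` for svgpp, and the CVE-2019-6247 entry carries the NOTE `No security impact, only used to build examples, see #921097`. Including them in a security update is fine, but the two files now read inconsistently. Confirm that 1.2.3+dfsg1-6+deb10u1 actually carries changes for all three CVEs, and consider a NOTE on the two AGG-related entries explaining why they are part of the DLA despite the unimportant rating.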
=====================================
data/dla-needed.txt
=====================================
@@ -291,10 +291,6 @@ sssd
NOTE: 20230131: Programming language: C.
NOTE: 20230205: VCS: https://salsa.debian.org/lts-team/packages/sssd.git
--
-svgpp (gladk)
- NOTE: 20230322: Programming language: C++.
- NOTE: 20230322: VCS: https://salsa.debian.org/debian/svgpp.git
---
systemd (Adrian Bunk)
NOTE: 20230304: Programming language: C.
NOTE: 20230304: VCS: https://salsa.debian.org/lts-team/packages/systemd.git
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6e99681b66d193025dcb6c7bec6eefe7e84118c3...6feb617f5b61d124076a91a5fa1d2de356fcaf62